NSX Components and Architecture – Part 1

NSX is VMware's network virtualization product and a market leader in software-defined networking and security. It is a game-changer, offering a wide variety of features and functionalities that distribute networking and security functions to compute nodes, decoupling software from the underlying hardware.

Like other software-defined solutions, NSX separates the control plane from the data plane, which means you don’t need specific hardware to deploy NSX. The only requirement is an MTU of 1600 bytes or more. This is in contrast to other products like Cisco ACI, which only works with certain Cisco switches and is highly dependent on specific hardware models.

NSX is also a multi-hypervisor and multi-cloud solution that supports ESXi and KVM hosts and a variety of public clouds like AWS and Azure. It supports bare-metal servers as well.

Another benefit of NSX is that it supports cloud-native applications and gives you control over containers. This addresses a challenge for companies and enterprises that have moved from a monolithic architecture to a microservices architecture with no security control in mind, which has introduced security concerns. DevSecOps is a hot term these days.

NSX Architecture Components

From a high-level point of view, NSX consists of 3 main components:

  1. Management Plane
  2. Control Plane
  3. Data Plane

Figure: NSX Components

Management Plane

The management plane is the entry point to the NSX environment through both the GUI and APIs. It is where you configure the NSX environment and perform operational tasks on the other planes as well.

Control Plane

Configuration in the management plane is translated into stateless configuration in the control plane. The control plane consists of two components: the CCP (Central Control Plane) and the LCP (Local Control Plane). The CCP is implemented as a cluster of VMs, while the LCP is implemented in the data plane layer on the transport nodes (ESXi, KVM, Edge, bare metal). The LCP is connected to the CCP, receives the configuration from it, and passes it to the forwarding engines. Please note that no user traffic is forwarded to the CCP, and failure of the CCP does not affect actual traffic.

NSX Manager

NSX Manager is a cluster of virtual machines that host the management and control plane instances. You connect to one of the NSX Manager nodes to do the configuration. NSX Manager also has an in-memory database that is synchronized across all the nodes. You can also set a virtual IP that is shared between the three NSX Manager nodes.

Figure: NSX Manager Appliance

Data Plane

The data plane is where the actual traffic is generated. It performs stateless configuration based on what it has received from the control plane. It also reports topology information to the control plane and maintains packet-level statistics. Nodes that participate in the data plane and have an LCP instance of the control plane deployed are called Transport Nodes. Transport Nodes run an instance of the NSX virtual switch, called N-VDS. The edition of N-VDS depends on the type of transport node: on ESXi, the N-VDS is built on top of the vSphere Distributed Switch, while on the other Transport Nodes it is based on OVS (Open vSwitch).

As stated before, there are hypervisor-based Transport Nodes as well as Edge Nodes:

  1. Hypervisors: ESXi (vDS-based N-VDS), KVM (OVS-based N-VDS)
  2. Edges: Edge nodes are VM appliances that can also be instantiated on bare-metal servers and offer central services like NAT. Edge nodes can be deployed as a cluster of VMs or as individual appliances, and act as a resource pool that different services can benefit from.

I hope this has been informative for you. In the coming posts, I’ll cover more details of NSX components.
